187 matches found
The vulnerability of the file loading mechanism on the server of the distributed application development platform SiTex allows a perpetrator to upload a malicious file to the server.
The vulnerability of the file loading mechanism on the server of the distributed application development platform SiTex is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability allows a malicious actor to upload a malicious file to the server remotely...
PT-2020-7942
Name of the Vulnerable Software and Affected Versions: sanitize-html versions prior to 1.4.3 Description: The issue allows an attacker to execute arbitrary Javascript due to the lack of recursive sanitization of input in affected versions of sanitize-html. Recommendations: Update to version 1.4.3...
CVE-2019-7552
An issue was discovered in PHP Scripts Mall Investment MLM Software 2.0.2. Stored XSS was found in the the My Profile Section. This is due to lack of sanitization in the Edit Name section...
CVE-2018-16480
A XSS vulnerability was found in module public 0.1.4 that allows malicious Javascript code to run in the browser, due to the absence of sanitization of the file/folder names before rendering...
business-central: Multiple stored XSS in task and process filters
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a stored XSS via several lists in Business Central. The flaw is due to lack of sanitation of user input when creating new lists. Remote, authenticated attackers that have privileges to create lists can store scripts in them, which are not properly...
UBUNTU-CVE-2009-4490
minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...
Cross site scripting
Cross-site scripting XSS vulnerability in Softcomplex PHP Event Calendar 1.5 allows remote authenticated users to inject arbitrary web script or HTML, and corrupt data, via the 1 username and 2 password parameters, which are not sanitized before being written to users.php. NOTE: while this issue...